Article

Bafin strengthens anti-financial crime and cyber supervision

Bafin strengthens anti-financial crime and cyber supervision
On May 27, 2026, the German Federal Financial Supervisory Authority (“Bafin”) announced a material reinforcement of its supervisory activities in the areas of anti-money laundering (AML), counter-terrorism financing (CTF), and the pursuit of unauthorized financial business. 

The announcement entails both a structural reorganization and a reallocation of supervisory resources towards the risk areas that have become most pressing for the German financial sector. For financial institutions, this signals a significant increase in supervisory intensity in the AML/CTF and cyber risk areas, with more frequent and more focused supervisory audits, deeper forensic scrutiny, and heightened expectations as regards governance, controls, and reporting to be expected in the months ahead. 

Structural reorganization along horizontal, specialized lines

With effect from July 1, 2026, Bafin will, in particular, reorganize its divisional structure repurposing “Division A” as the new “Anti-Financial-Crime” division bundling AML/CTF prevention and the prosecution of unauthorized organization. The key takeaway for financial institutions is that this reinforces the trend towards stronger horizontal, topic-specific specialist teams within Bafin. 

This broadly follows the model established by the ECB’s supervisory architecture under the Single Supervisory Mechanism, and responds to the risk areas of growing importance for financial institutions, in particular AML/CTF and cyber risk, and is consistent with the tightened requirements under the EU AML Package, which will further raise AML/CTF compliance obligations across the European financial sector and is already shaping national supervisory priorities. 

Reallocation of supervisory resources to rising-risk areas

Bafin’s President Branson stated that the authority will deploy its resources in a more risk-oriented manner across the organization: “We are shifting resources to areas where risks are increasing.” Approximately 30 additional positions are to be created within the AML/CTF supervision department. Further resources will be allocated to the supervision of cyber risks and to the distribution of investment products, and Bafin’s forensic capabilities will be reinforced.

Implications for financial institutions

For supervised institutions, the intensification of supervisory activity in the AML/CTF and cyber risk areas—a trend observed in our advisory practice over recent months—is expected to continue. Institutions should anticipate more frequent and more focused supervisory audits, deeper forensic scrutiny, and heightened expectations as regards governance, controls, and reporting. 

The strengthening of cyber oversight should also be seen against the backdrop of the evolving threat landscape, including new AI models such as Anthropic’s Mythos, in relation to which Bafin has already issued explicit warnings earlier this year. Against this background, a review of existing AML/CTF frameworks, cyber resilience arrangements, and the related governance structures should be a priority for financial institutions. 

Please let us know if you would like to discuss what these developments mean for your institution and how preparatory measures, such as a pre-audit health check, could help you prepare for a potential special audit. We would also be happy to share lessons learned from recent AML/CTF audits with you. 

Related capabilities